class Rack::Protection::SessionHijacking

Tracks request properties like the user agent in the session and empties
the session if those properties change. This essentially prevents attacks
from Firesheep. Since all headers taken into consideration might be
spoofed, too, this will not prevent all hijacking attempts.
More info: en.wikipedia.org/wiki/Session_hijacking
Supported browsers: all
Prevented attack: Session Hijacking
#

def accepts?(env)

# Decides whether the request described by +env+ still matches the request
# properties recorded in its session.
#
# On the first request of a session (no entry under options[:tracking_key]
# yet) a fingerprint is recorded: one entry per name in options[:track],
# holding encrypt(env[name]). On later requests every recorded entry is
# compared against the value computed from the current +env+.
#
# Only the entries already stored in the session are checked, so names added
# to options[:track] later are not enforced for existing sessions.
#
# The tracked values come from the request itself. A client that reproduces
# the same values passes this check, so it is a heuristic and not proof that
# the session is in the hands of its original owner.
#
# @param env [Hash] the Rack environment of the current request
# @return [Boolean, Object] true/false when a fingerprint already exists;
#   on the first request, the return value of options[:track].each
#   (truthy as long as options[:track] itself is)
def accepts?(env)
  store        = session(env)
  tracking_key = options[:tracking_key]

  unless store.include?(tracking_key)
    # First sighting of this session: remember the tracked properties.
    store[tracking_key] = {}
    return options[:track].each do |property|
      store[tracking_key][property] = encrypt(env[property])
    end
  end

  # Known session: every remembered property must still match.
  store[tracking_key].all? do |property, recorded|
    recorded == encrypt(env[property])
  end
end

def encrypt(value)

# Normalises a tracked request property before it is stored or compared.
#
# The value is converted with +to_s+ (so a missing header, nil, becomes "")
# and lower-cased. When options[:encrypt_tracking] is truthy the normalised
# string is passed on to the superclass implementation of +encrypt+, which
# is not visible here. Otherwise the normalised string is returned as is,
# meaning the session then holds the tracked values in readable form.
#
# @param value [Object] raw value taken from the Rack environment
# @return [String, Object] the lower-cased string, or whatever the
#   superclass +encrypt+ returns for it
def encrypt(value)
  normalized = value.to_s.downcase
  return normalized unless options[:encrypt_tracking]

  super(normalized)
end